Critical severity9.8NVD Advisory· Published Nov 23, 2017· Updated Jun 17, 2026
CVE-2017-16931
CVE-2017-16931
Description
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <2.9.5
Patches
Vulnerability mechanics
References
5- github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3nvdPatchThird Party Advisory
- xmlsoft.org/news.htmlnvdRelease NotesVendor Advisory
- bugzilla.gnome.org/show_bug.cginvdPermissions Required
- lists.debian.org/debian-lts-announce/2017/11/msg00041.htmlnvd
- www.oracle.com//security-alerts/cpujul2021.htmlnvd
News mentions
0No linked articles in our index yet.